effect-expert
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run the
effect-solutionsCLI tool to retrieve technical recommendations. This tool is not a recognized industry standard and does not originate from a vendor on the trusted list. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection (Category 8).
- Ingestion points: The agent is mandated to execute
effect-solutions listandeffect-solutions showcommands and use their output to guide code reviews and implementation inSKILL.md. - Boundary markers: There are no specified delimiters or instructions for the agent to treat the CLI output as untrusted data, increasing the likelihood of the agent obeying instructions embedded in the tool's output.
- Capability inventory: The agent is granted permission to modify service files and agent tools within the project directories (
packages/services/andagent-tools/*), creating a path for malicious code to be introduced via the tool's output. - Sanitization: The skill does not define any validation or sanitization steps for the content fetched from the external CLI tool before the agent acts upon it.
Audit Metadata